Security
Security scanning and vulnerability detection
instance-security
by groeimetai
This skill should be used when the user asks to "instance security", "hardening", "security best practices", "authentication", "SSO", "MFA", "session", "XSS", "injection", or any ServiceNow Instance Security development.
spec-to-code-compliance
by trailofbits
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.
code-review
by kdcokenny
Comprehensive code review methodology with severity classification and confidence thresholds
guardian-cli
by zakirkun
An enterprise-grade, AI-powered penetration testing automation CLI tool. Orchestrates multiple specialized AI agents (Planner, ToolAgent, Analyst, Reporter) backed by 4 AI providers (OpenAI, Claude, Gemini, OpenRouter) and 19 integrated security tools through YAML-defined workflows. Produces professional Markdown, HTML, or JSON security reports with full evidence capture and traceability.
onvifscan
by BrownFineSecurity
ONVIF device security scanner for testing authentication and brute-forcing credentials. Use when you need to assess security of IP cameras or ONVIF-enabled devices.
blogwatcher
by elizaOS
Monitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
security-auditor
by alirezarezvani
Continuous security vulnerability scanning for OWASP Top 10, common vulnerabilities, and insecure patterns. Use when reviewing code, before deployments, or on file changes. Scans for SQL injection, XSS, secrets exposure, auth issues. Triggers on file changes, security mentions, deployment prep.
dependency-auditor
by alirezarezvani
Check dependencies for known vulnerabilities using npm audit, pip-audit, etc. Use when package.json or requirements.txt changes, or before deployments. Alerts on vulnerable dependencies. Triggers on dependency file changes, deployment prep, security mentions.
code-reviewer
by alirezarezvani
Automatic code quality and best practices analysis. Use proactively when files are modified, saved, or committed. Analyzes code style, patterns, potential bugs, and security basics. Triggers on file changes, git diff, code edits, quality mentions.
pronunciation-specialist
by bitwize-music-studio
Scans lyrics for pronunciation risks and prevents Suno mispronunciations. Use when writing lyrics with proper nouns, technical terms, homographs, or non-English words.
healthcheck
by elizaOS
Host security hardening and risk-tolerance configuration for Otto deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, Otto cron scheduling for periodic checks, or version status checks on a machine running Otto (laptop, workstation, Pi, VPS).
prowler-docs
by prowler-cloud
Prowler documentation style guide and writing standards. Trigger: When writing documentation for Prowler features, tutorials, or guides.
gemini-peer-review
by jezweb
"Get a second opinion from Gemini on code, architecture, debugging, or security. Uses gemini-coach CLI with AI-to-AI prompting for clear, actionable analysis. Trigger with 'ask gemini', 'gemini review', 'second opinion', 'peer review', or 'consult gemini'."
code-review
by ThinkInAIXYZ
Comprehensive code review assistant that analyzes code quality, security, and best practices
security-audit
by mono
Audit SkiaSharp's native dependencies for security vulnerabilities and CVEs. Read-only investigation that produces a status report with recommendations. Use when user asks to: - Audit security issues or CVEs - Check CVE status across dependencies - Find security-related issues and their PR coverage - Get an overview of open vulnerabilities - See what security work is pending Triggers: "security audit", "audit CVEs", "CVE status", "what security issues are open", "check vulnerability status", "security overview", "what CVEs need fixing". This skill is READ-ONLY. To actually fix issues, use the native-dependency-update skill.
claw-release
by prompt-security
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
clawtributor
by prompt-security
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
clawsec-feed
by prompt-security
Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.
clawsec-suite
by prompt-security
ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
soul-guardian
by prompt-security
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
gitops-repo-audit
by fluxcd
Audit Flux CD GitOps repositories for structure, security, API compliance, and best practices. Use this skill whenever the user asks to audit, analyze, review, validate, or check a GitOps repository. Also use it when users mention Flux repo structure, GitOps best practices, manifest validation, deprecated APIs, security review, or repository organization — even if they don't explicitly say "audit".
skills-eval
by athola
Evaluate and improve Claude skill quality through auditing. Use when
kaizen:analyse-problem
by NeoLabHQ
Comprehensive A3 one-page problem analysis with root cause and action plan
best-practices
by tech-leads-club
Apply modern web development best practices for security, compatibility, and code quality. Use when asked to "apply best practices", "security audit", "modernize code", "code quality review", or "check for vulnerabilities".